Apache command cheatsheet
Find DB Version
1
mariadb --version
1
mysql --version
When your running your own lamp on vps having a cheatsheet like this for Apache may come in handy. Especially when the rubber hits the road.
Stop your web server
1
sudo systemctl stop apache2
Start the web server when it is stopped, type:
1
sudo systemctl start apache2
Stop and then start the service again, type:
1
sudo systemctl restart apache2
Reload without dropping connections.
1
sudo systemctl reload apache2
Re-enable the service to start up at boot, type:
1
sudo systemctl enable apache2
Enable the file with the a2ensite tool:
1
sudo a2ensite your_domain.conf
Disable the default site defined in 000-default.conf:
1
sudo a2dissite 000-default.conf
Test for configuration errors:
1
sudo apache2ctl configtest
REBOOT reboot a server from the command line, run:
1
sudo shutdown -r now
By default, Apache is configured to start automatically when the server boots. If this is not what you want, disable this behavior by typing:
1
sudo systemctl disable apache2
Query the state of apache processes
1
sudo systemctl status apache2.service -l --no-pager
Check apache for config errors
1
sudo apachectl configtest
Search apache error log
This will only search 2 lines
1
sudo tail -n 2 /var/log/apache2/error.log
View apache error log
1
vim /var/log/apache2/error.log
Troubleshooting
Apache not starting
Find out what the problem is:
1
sudo apachectl configtest
Whenever i delete certificates and then restart the server. then apache fails to start up because some of the certificate files still need to be deleted. All the details for this are output in the configtest log.
UFW
It’s so satisfying and much cheaper to host your own websites on a self managed barebones vps. But if you’re going to host your own websites then you will need to have a firewall running to protect your website from hackers.
Luckily UFW, the default firewall on Linux distributions makes the process of enabling a firewall simple.
What is a website firewall?
A website firewall is a security solution designed to monitor, filter, and block malicious traffic to a website. It helps protect against various online threats, such as hacking attempts, DDoS attacks, and other types of cyber threats by analyzing and filtering incoming web traffic.
What is UFW?
Uncomplicated Firewall (UFW) is a user-friendly command-line interface for managing iptables, which is the default firewall management tool in many Linux distributions. UFW is designed to simplify the process of configuring a firewall by providing a straightforward syntax.
Enable Firewall
1
sudo ufw enable
Disable Firewall
1
sudo ufw disable
Status
See what rules are in place
1
sudo ufw status
Get a bit more information
1
sudo ufw status verbose
Allow range of ip’s
1
sudo ufw allow proto tcp from 104.245.210.224/28 to any port 22
Allow range of ip’s with a dry run
1
sudo ufw --dry-run allow proto tcp from 104.245.210.224/28 to any port 22
Reset all UFW rules
Start from the default ufw configuring your rules
1
sudo ufw reset
allow access to special port
1
ufw allow from 1.2.3.4 to any port 7080
To view all blocked threats using Uncomplicated Firewall (ufw), you can check the firewall logs. Use the following command in the terminal:
1
sudo ufw status | grep BLOCK
This command filters the status output to show only the blocked entries, providing information about blocked threats or unauthorized access attempts.
Create sudo user
Creating a Non-Root Sudo User for Apache
This guide will walk you through creating a new user with sudo privileges specifically for managing your Apache web server.
Step 1: Create a New User
First, you’ll create a new user account on your system. Choose a descriptive username, like apache-admin
. Open your terminal and run the following command as the root user or a user with sudo privileges:
1
sudo adduser apache-admin
Alright, let’s get you set up with a non-root sudo user for Apache. Here are some straightforward instructions in Markdown: Markdown
Creating a Non-Root Sudo User for Apache
This guide will walk you through creating a new user with sudo privileges specifically for managing your Apache web server.
Step 1: Create a New User
First, you’ll create a new user account on your system. Choose a descriptive username, like apache-admin
. Open your terminal and run the following command as the root user or a user with sudo privileges:
1
sudo adduser apache-admin
You’ll be prompted to set a password for this new user and optionally provide other information. Make sure to choose a strong, unique password.
Step 2: Add the User to the sudo Group
To allow the new user to execute commands with superuser privileges, you need to add them to the sudo group. Use the following command:
1
sudo usermod -aG sudo apache-admin
This command adds the apache-admin user to the sudo group.
Step 3: Grant Specific Permissions for Apache
Instead of giving the user full sudo access, it’s best practice to grant only the necessary permissions for managing Apache. You’ll need to edit the sudoers file. Use the visudo command to edit this file safely. This command locks the file to prevent multiple edits and checks for syntax errors upon saving.
1
sudo visudo
This will open the sudoers file in your default text editor (usually nano or vi). Be very careful when editing this file. Incorrect syntax can lock you out of your system.
Add the following line to the end of the file (or within the user privilege specification section), replacing /path/to/apachectl with the actual path to your apachectl executable (you can usually find this with which apachectl):
1
apache-admin ALL=(root) NOPASSWD: /usr/sbin/apachectl, /usr/sbin/service apache2 *
Explanation of the line above:
- apache-admin: Specifies the user this rule applies to.
- ALL=(root): Allows the user to run commands as the root user.
- NOPASSWD:: Specifies that no password is required for the following commands. Use this cautiously and only for specific, necessary commands.
- /usr/sbin/apachectl: Allows the user to execute the apachectl command.
- /usr/sbin/service apache2 *: Allows the user to use the service command to manage the apache2 service (start, stop, restart, etc.). Note: The service name might be different on your system (e.g., httpd). Adjust accordingly.
Step 4: Save and Exit visudo
After adding the line, save the changes and exit the text editor. If you used nano, press Ctrl+X, then Y to confirm saving. If you used vi, press Esc, then type :wq and press Enter.
Step 5: Test the New User
Now, switch to the new apache-admin user:
1
su - apache-admin
Try running Apache-related commands using sudo without a password:
1
2
3
sudo apachectl configtest
sudo service apache2 status
sudo service apache2 restart
If everything is configured correctly, these commands should execute without prompting for a password.
Important Security Considerations:
- Grant only the necessary permissions. Avoid giving the user full sudo access if it’s not required.
- Carefully verify the paths to the Apache executables on your system.
- Regularly review your sudoers file to ensure the permissions are still appropriate.
That’s it! You’ve now created a non-root user with specific sudo privileges for managing your Apache web server.